From ecf3f114e3d7398b44b560d4f2569791f4bbb254 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 16:54:14 +0530 Subject: [PATCH 1/6] Scheduled Searches: Subquery optimization --- blog-service/2025-07-28-alerts.md | 26 +++++++++++++++++++ .../scheduled-searches/schedule-search.md | 4 +++ 2 files changed, 30 insertions(+) create mode 100644 blog-service/2025-07-28-alerts.md diff --git a/blog-service/2025-07-28-alerts.md b/blog-service/2025-07-28-alerts.md new file mode 100644 index 0000000000..76097b5d5d --- /dev/null +++ b/blog-service/2025-07-28-alerts.md @@ -0,0 +1,26 @@ +--- +title: Time range limits for subqueries in Scheduled Searches (Alerts) +image: https://help.sumologic.com/img/reuse/rss-image.jpg +keywords: + - alerts + - scheduled searches + - subqueries +hide_table_of_contents: true +--- + +To help you optimize query execution and improve data retrieval efficiency, we’ve introduced time range limits for sub-queries in scheduled searches. + +These enhancements: +- Improve query performance and responsiveness. +- Encourage efficient search practices. +- Support sustainable resource usage. + +**Who benefits** +Data analysts, IT operations, and security engineers seeking faster, more efficient investigations without compromising functionality. + +**Why it matters** +Inefficient long-term queries cost millions in compute resources and delay resolution times. This update keeps our platform high-performing and cost-effective, without sacrificing power or usability. + +This change helps prevent long-running, inefficient queries, especially those impacting system stability and driving up costs. While maintaining flexibility, these optimizations protect system health and reduce operational overhead. + +[Learn more](/docs/alerts/scheduled-searches/schedule-search/#step-3-time-range). \ No newline at end of file diff --git a/docs/alerts/scheduled-searches/schedule-search.md b/docs/alerts/scheduled-searches/schedule-search.md index d56352b179..8b0195d919 100644 --- a/docs/alerts/scheduled-searches/schedule-search.md +++ b/docs/alerts/scheduled-searches/schedule-search.md @@ -44,6 +44,10 @@ The [time range](../../search/get-started-with-search/search-basics/time-range-e This setting is different than the Time Range option configured for the Saved Search. The first time range is only used when you run the Saved Search from the Library. This Time Range applies to your Scheduled Search. ::: +:::note +The time range limitations below applies to both parent queries and sub-queries in your scheduled search. +::: + Alternately, type a time range; for example, -15m to run the search against data generated in the past 15 minutes. A time range outside the maximum allowed range for a given frequency is not allowed and presents the message like this: `Invalid query. Max allowed time range for 15 minutes frequency is 1 day`. The maximum allowed time range for different Scheduled Search frequencies is as below: From afac3bfed2ee79d6db4cec02d8896556904a347b Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Mon, 28 Jul 2025 17:54:26 +0530 Subject: [PATCH 2/6] Update 2025-07-28-alerts.md --- blog-service/2025-07-28-alerts.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/blog-service/2025-07-28-alerts.md b/blog-service/2025-07-28-alerts.md index 76097b5d5d..7abdf7424d 100644 --- a/blog-service/2025-07-28-alerts.md +++ b/blog-service/2025-07-28-alerts.md @@ -10,17 +10,20 @@ hide_table_of_contents: true To help you optimize query execution and improve data retrieval efficiency, we’ve introduced time range limits for sub-queries in scheduled searches. -These enhancements: -- Improve query performance and responsiveness. +Key benifits of this enhancements include: + +- Improved query performance and responsiveness. - Encourage efficient search practices. - Support sustainable resource usage. **Who benefits** + Data analysts, IT operations, and security engineers seeking faster, more efficient investigations without compromising functionality. -**Why it matters** +**Why it matters?** + Inefficient long-term queries cost millions in compute resources and delay resolution times. This update keeps our platform high-performing and cost-effective, without sacrificing power or usability. This change helps prevent long-running, inefficient queries, especially those impacting system stability and driving up costs. While maintaining flexibility, these optimizations protect system health and reduce operational overhead. -[Learn more](/docs/alerts/scheduled-searches/schedule-search/#step-3-time-range). \ No newline at end of file +[Learn more](/docs/alerts/scheduled-searches/schedule-search/#step-3-time-range). From 3a572ada69cfbe9ac2d7ca79eb05cdae506ece83 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 18:03:42 +0530 Subject: [PATCH 3/6] Update 2025-07-28-alerts.md --- blog-service/2025-07-28-alerts.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/blog-service/2025-07-28-alerts.md b/blog-service/2025-07-28-alerts.md index 7abdf7424d..ca8f28812c 100644 --- a/blog-service/2025-07-28-alerts.md +++ b/blog-service/2025-07-28-alerts.md @@ -8,22 +8,12 @@ keywords: hide_table_of_contents: true --- -To help you optimize query execution and improve data retrieval efficiency, we’ve introduced time range limits for sub-queries in scheduled searches. +We've introduced time range limits for sub-queries in scheduled searches. This change helps you prevent long-running, inefficient queries, especially those impacting system stability and that drive up costs. While maintaining flexibility, these optimizations protect system health and reduce operational overhead. -Key benifits of this enhancements include: +Key benefits of this enhancements include: - Improved query performance and responsiveness. - Encourage efficient search practices. - Support sustainable resource usage. -**Who benefits** - -Data analysts, IT operations, and security engineers seeking faster, more efficient investigations without compromising functionality. - -**Why it matters?** - -Inefficient long-term queries cost millions in compute resources and delay resolution times. This update keeps our platform high-performing and cost-effective, without sacrificing power or usability. - -This change helps prevent long-running, inefficient queries, especially those impacting system stability and driving up costs. While maintaining flexibility, these optimizations protect system health and reduce operational overhead. - [Learn more](/docs/alerts/scheduled-searches/schedule-search/#step-3-time-range). From cc6d4374dc2dcfde025a7db897a8d3184492cb8d Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 20:47:18 +0530 Subject: [PATCH 4/6] Update docs/alerts/scheduled-searches/schedule-search.md Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com> --- docs/alerts/scheduled-searches/schedule-search.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/alerts/scheduled-searches/schedule-search.md b/docs/alerts/scheduled-searches/schedule-search.md index 8b0195d919..0b020f3415 100644 --- a/docs/alerts/scheduled-searches/schedule-search.md +++ b/docs/alerts/scheduled-searches/schedule-search.md @@ -45,7 +45,7 @@ This setting is different than the Time Range option configured for the Saved Se ::: :::note -The time range limitations below applies to both parent queries and sub-queries in your scheduled search. +The time range limitations below apply to both parent queries and subqueries in your scheduled search. ::: Alternately, type a time range; for example, -15m to run the search against data generated in the past 15 minutes. A time range outside the maximum allowed range for a given frequency is not allowed and presents the message like this: `Invalid query. Max allowed time range for 15 minutes frequency is 1 day`. From d21e3aca4e43a301edf549f3a95890b4182a06f3 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 20:56:22 +0530 Subject: [PATCH 5/6] Update 2025-07-28-alerts.md --- blog-service/2025-07-28-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-07-28-alerts.md b/blog-service/2025-07-28-alerts.md index ca8f28812c..6ed7696934 100644 --- a/blog-service/2025-07-28-alerts.md +++ b/blog-service/2025-07-28-alerts.md @@ -8,7 +8,7 @@ keywords: hide_table_of_contents: true --- -We've introduced time range limits for sub-queries in scheduled searches. This change helps you prevent long-running, inefficient queries, especially those impacting system stability and that drive up costs. While maintaining flexibility, these optimizations protect system health and reduce operational overhead. +We've introduced time range limits for subqueries in scheduled searches. This change helps you prevent long-running, inefficient queries, especially those impacting system stability and that drive up costs. While maintaining flexibility, these optimizations protect system health and reduce operational overhead. Key benefits of this enhancements include: From 668bdac14d6e56736e7f391837d8abd8296ca086 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 20:57:00 +0530 Subject: [PATCH 6/6] Update 2025-07-28-alerts.md --- blog-service/2025-07-28-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-07-28-alerts.md b/blog-service/2025-07-28-alerts.md index 6ed7696934..405aa8059e 100644 --- a/blog-service/2025-07-28-alerts.md +++ b/blog-service/2025-07-28-alerts.md @@ -1,5 +1,5 @@ --- -title: Time range limits for subqueries in Scheduled Searches (Alerts) +title: Time range limits for subqueries in scheduled searches (Alerts) image: https://help.sumologic.com/img/reuse/rss-image.jpg keywords: - alerts